1. Field of the Invention
This invention relates to a secured identification medium and a method for securing such a medium.
2. Description of the Related Art
The invention is located in the area of identification media comprising a memory storage element of the integrated circuit type, on which variable identification information is printed such as a photograph of the holder, for example, which are designed for security applications such as identity, governmental use or others. These media, which comprise a contactless or contact integrated circuit, may for example be driving licences, identity cards, membership cards, access cards, passports, bankcards, electronic purses, multi-application cards and other security papers. Due to the value and the importance of all these documents, they are often the subject of unauthorised copying, alterations, changes and counterfeiting.
Such media comprise a body, an integrated circuit and an interface for communicating with the outside. In contact type media, the communication interface takes the form of contact pads that are flush with the surface of the body. In contactless media, the interface takes the form of an antenna embedded in the body. According to the means of communication fitted on it, the medium may be called contactless, contact type, hybrid or dual interface.
In order to prevent the deterioration, alteration or counterfeiting of such media, there are currently several securing techniques.
For instance, the first technique consists in adding security elements such as holograms, guilloches, ultraviolet inks, micro-letters etc. on the identification information printed on the medium in order to minimise fraud. However, the technique offers only first-level security and does not prevent the replacement of the integrated circuit, for example.
Another technique consists in linking the security element to another element of the identification medium. That technique, known as PROOFTAG™ and developed by NOVATEC, consists in generating random bubble codes. To check the code, a database is queried and a check is made with the data saved on the magnetic stripe of the card or with the data printed on its body.
Other security solutions, called digital watermarking, consist in inserting a hidden piece of data in the printing. These solutions seem to be the most suitable and the most widespread for securing physical media that include an integrated circuit and an image of the identity photograph type, because they offer the benefit, among others, of not requiring the addition of specific readable physical elements in and/or on the body of the card. These are the techniques marketed under the names CRYPTOGLYPHE™, SCRAMBLED INDICIA™, IPI™ or ICI™.
Watermarking consists in fact in concealing a message, which is to be transmitted confidentially, in apparently insignificant data in such a way that its presence is imperceptible. As with cryptography, watermarking makes it possible to exchange messages with someone without others being aware of it. But whilst in ordinary cryptography, security relies on the fact that the message will in all likelihood not be understood, with watermarking, security relies on the fact the message will in all likelihood not be detected.
Watermarking is thus used to secure a medium, particularly a medium carrying an image, sound or video, by cleverly inserting a permanent mark in the said medium without any apparent alteration of the medium.
Digital watermarking is applied to digital images. It has grown considerably in recent years, chiefly due to the increasing need to protect the transfer of images over the Internet. This technique consists in inserting a mark into digital images. The mark is imperceptible to the human eye but can be read by a dedicated recognition system. The recognition system makes it possible to make sure that the protected image is authentic.
The content of a mark is typically a few tens of bits of data at the most. It may contain information about the permissions relating to the document or an indication about the person who owns the document. The information may be encoded with a secret key that is unique to each holder. In that way, any person who unlawfully claims to own the document can be exposed.
The conditions for good digital watermarking for media such as IC cards with images are as follows—it must be strong and withstand so-called “print scan” attacks and ageing. In the first case, the mark must offer high resistance to printing and be very easy to read. In practice, the mark undergoes deterioration, particularly due to the printing weave or analogue to digital conversion for instance, which leads to the addition of noise, slight geometric distortions and a change of scale generated by the acquisition process. Such deterioration does not facilitate image synchronisation (identification of image markers). Despite the deterioration, the mark must be able to be read from an analogue capture of the previously printed identity photograph, for example by means of a scanner, a digital camcorder, a webcam or a digital camera.
In the second case, the medium and the photograph undergo attacks relating to ageing. In that case, the damage is both “mechanical” and “colorimetric”. It is reflected, for instance, in the fading of the colours and the presence of dirt or scratches due to the frequent unprotected use of the body of the card. But the mark must be interpretable even if the image of the identity photograph has undergone such attacks.
While digital watermarking techniques seem to be more promising for applications such as the securing of IC card bodies, it so happens that these techniques do not withstand all the attacks on the printed image.
Also, verification, after reading the hidden physical security information, often requires accessing a database, which leads to difficulties relating to the storage of the data, securing the stored data and simply accessing the data.
In order to improve the strength and resistance to attacks and eliminate the need to access a database for verifying the secured element, a solution has been envisaged and has been covered by the patent application published under number EP1800944. That solution, a schematic drawing of which has provided in FIG. 1, consists in generating, from a digital image 21, a pseudo-random sequence 22 and an insertion algorithm 23, an image feature vector Vsi(n), a secret key C and a digital image signature that are stored in the integrated circuit. A subsequent stage consists in generating, from the printed and captured analogue image and the secret key C, an image feature vector Vsi(p). The last stage of the process then consists in comparing, using a read-back algorithm 29, the image feature vectors Vsi(n) and Vsi(p).
This method, like all the security methods that exist to date, thus consists in comparing, directly or indirectly, an analogue image (Ip) printed on a medium with a digital image (In), to make sure that there is a link between the printed image and the integrated circuit and thus confirm the validity of the whole made up by the body of the medium and the integrated circuit. However, the printed analogue image (Ip) is deteriorated as compared to the digital image (In). The deterioration of the image is due, first of all to printing, which particularly attacks high frequencies, to image capture, particularly sensor noise and the lighting context, and secondly to the interpolation inevitable for recovering the digital format. The analogue image is finally the result of the transformation of the digital image by so-called RST (Rotation Scale Translation) resulting from the rotations, scaling and translations undergone by the image when it is printed. These natural attacks related to the security method are supplemented by attacks on the printed image due to card ageing, which leads to scratches on the image, faded colours etc. The fact that the printed image (Ip) is only a deteriorated version of the digital image (In) presents serious problems for all the existing solutions. As a result, such a comparison between the analogue image and the digital image is not 100% reliable, and reliability decreases over time due to deterioration relating to ageing. Concretely, for effective comparison between a digital image and an analogue image, regardless of the techniques and/or precautions used, tolerance by nature is required in order not to have an excessively high false rejection rate, where authentic cards fail the examination. Such tolerance inevitably affects the quality of the conclusion—the FAR (false acceptance rate) is necessarily increased, which decreases the security level in a way.
That is particularly identified in the area of watermarking because it must be invisible to be acceptable and resistant, and at the same time decodable in spite of attacks. These two objectives are contradictory and the failure to control deterioration weakens the process.